Last Updated: August 30, 2020
WHO WE ARE
Ondot Systems, Inc. U.S., its affiliates and subsidiaries (collectively, “Ondot,” “we,” or “us”) is part of Fiserv that provides banks and credit unions and their service providers (collectively our, “Customers”), with a digital card services platform that enables our Customer’s bank clients the ability to conveniently control and gain insight into their credit and debit card usage (the, “Service”). Ondot does not offer Services directly to consumers.
SCOPE AND APPLICABILITY
This Privacy Notice (“Notice”) describes Ondot’s practices with respect to the collection, use, sharing, disclosure and protection of personal information when individuals visit our website ("www.ondotsystems.com” or “Site”) and/or interact with us at industry events and conferences. This Notice also describes the rights and choices that individuals have with respect to their personal information, and how to contact Ondot to learn more about our privacy practices.
For the purposes of this Notice, “personal information” means any information relating to an identified or identifiable individual and information that is defined as “personally identifiable information”, “personal information”, “personal data”, or a similar term in an applicable data privacy law.
This Notice does not apply to the following:
WHAT PERSONAL INFORMATION DO WE COLLECT
When individuals visit our Site, we collect a limited amount of personal information from both you and your device as described below.
When you attend a conference, trade show, business meeting or other event (collectively, referred to as “Event”), that we sponsor or attend, we may collect personal information from you and/or the Event host as described below.
We may aggregate and/or deidentify personal information received via our Site to produce reports on Site activity and statistics. We use Google Analytics, SalesLoft, Clym, Visitor Queue, Marketo, to collect and analyze such information. For more information about how we collect information about you, please see Cookies and Other Tracking Technologies.
See Your Privacy Choices and Accessing, Correcting, and Updating Your Personal Information below for more information about how to limit Ondot’s collection and use of personal information.
COOKIES AND TRACKING TECHNOLOGIES
DO NOT TRACK
Do Not Track (or just DNT) is a privacy preference you can set in most browsers. Ondot supports Do Not Track because we think it’s really important that you have a simple way to control how your info gets used. That's why we honor DNT as a signal of whether we can collect your data through third-parties as you visit our site.
For all the details, including how to turn on Do Not Track, visit allaboutdnt.com.
HOW WE USE PERSONAL INFORMATION
We use your personal information to:
TO WHOM DO WE DISCLOSE PERSONAL INFORMATION
Ondot does not sell personal information collected via its Site or otherwise, whether to advertisers or other third parties. However, Ondot may disclose your personal information as follows:
Any third parties with which we share personal information are limited by law and by contract in their ability to use the personal information. Ondot requires service providers acting on our behalf or with whom we share personal information to provide appropriate privacy and security measures consistent with applicable law and with this Notice.
DATA STORAGE AND RETENTION
Ondot stores personal information on its servers, and on the servers of the cloud-based database management service providers we use, located in the United States. Ondot retains personal information obtained via our Site for as long as needed to fulfill our legitimate business purposes described in this Notice including to support our business operations, administer our Site, respond to inquiries, fulfill legal or regulatory obligations, and enforce our rights.
We utilize a combination of technical, administrative and physical controls to help safeguard personal information against unauthorized access, disclosure, alteration and destruction. We employ Secure Socket Layer (SSL) data encryption when data is transmitted over the Internet to our Site. We have installed layered firewalls and other security technologies to help prevent unauthorized access to our systems. The servers used to store personal information are maintained in a secure environment with appropriate security measures. We regularly review our established policies and procedures to ensure that they are appropriate and effective at meeting our commitment to those providing us with personal information.
Notwithstanding our security safeguards, it is impossible to guarantee absolute security. If you have any questions about the security of personal information addressed in this Notice, please contact us at firstname.lastname@example.org.
EXERCISING YOUR RIGHTS
You may have certain rights in connection with the personal information that Ondot obtains about you including the right to:
To help protect your privacy and maintain security, we must verify your identity before granting you access to your personal information. We may decline your access request, but if we do, we will provide an explanation for our decision. We will consider all such requests and provide our response within a reasonable period (and in any event within the time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests, for example if we need to retain the information to comply with our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, we will inform you when responding to your request.
If you wish to exercise any of the rights above, please contact us at email@example.com. If you have questions about this Notice, you may reach us as noted in Contact Us below.
FOR CALIFORNIA RESIDENTS
California law grants California residents the following rights:
Before Ondot fulfills any request we receive invoking these rights, we will use the information that you submit in your request to match it against any information that we may have in order to verify with reasonable certainty that you are the individual to whom the information we maintain pertains.
If you wish to submit a request to invoke one of the below rights, please provide your name, address, phone number and any other identifiers that you think will help us to verify your identity via email or phone to:
Practices During the Last Twelve Months. During the prior twelve months, Ondot has collected the following categories of personal information about consumers visiting our Site: (a) personal identifiers; (b) professional information; and (c) electronic network activity information. Additionally, during the prior twelve months, Ondot has collected the following categories of personal information about consumers at Events: (a) personal identifiers; and (b) professional information. Those categories of personal information were collected directly from the individual and/or from their electronic device. Each of these categories of personal information may have been collected for each of the purposes described in How We Use Your Personal Information and, during the prior twelve months, may have been disclosed in accordance with, and to the categories of entities set forth in, To Whom Do We Disclose Personal Information.
Private Right of Action in the Event of a Security Incident. In addition to the above, the California law affords all California residents a private right of action if his/her/its nonencrypted and nonredacted personal information (as defined below) is accessed and exfiltrated, stolen or disclosed as the result of a business’ failure to implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information.
(i) Social security number
(ii) Driver’s license number, California ID card number, tax ID number, passport number, military ID number, or other unique ID number issued on a government document commonly used to verify the identity of a specific individual
(iii) Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
(iv) Medical information
(v) Health insurance information
(vi) Unique biometric data generated from measurements or technical analysis of human body characteristics, such as a fingerprint, retina, or iris image, used to authenticate a specific individual. Unique biometric data does not include a physical or digital photograph, unless used or stored for facial recognition purpose.
Ondot does not knowingly or intentionally collect any personal information from, or market to, individuals under the age of 13. Our Site is not intended for persons under the age of 13. If you learn that a child under the age of 13 has provided us with personal information contrary to these rules, please contact us at firstname.lastname@example.org, and we will remove that information.
BASIS FOR PROCESSING AND INTERNATIONAL TRANSFER
We operate internationally, but the majority of our computer systems are currently based in the United States, which means Information we collect will be processed by us in the U.S. where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union.
When we transfer personal information from territories in the European Economic Area (“EEA”), the United Kingdom (“UK”) or countries with data privacy laws similar to those of the EEA and the UK, to the United States and elsewhere outside the EEA, we rely on standard contractual clauses approved by the European Commission or other relevant governmental authority. EEA and UK residents and other eligible individuals may request a copy of the standard contractual clauses relevant to their personal information, if any, using the contact information below.
EEA / UK
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Please contact us at email@example.com if you wish to make a request, or contact our helpline at 800.266.6644 You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Individuals may also contact the relevant supervisory authority with a complaint related to our handling of their personal information. However, we invite you to give us a chance to resolve the situation directly with you. Your privacy is important to us, and we will do our best to address any concerns.
THIRD PARTY SERVICES, APPLICATIONS, AND WEBSITES
Certain third-party services, websites, or applications used to navigate to and from the Site, such as search engines, LinkedIn, and Instagram, have separate user terms and privacy policies that are independent of this Notice. We are not responsible for the privacy practices of these third-party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third party service, website, and/or application prior to use.
Choice to Opt-Out
If you would like to opt out of receiving periodic email communication from us (regarding company news, product and service information, etc.), you may do so by clicking the ‘Unsubscribe’ link provided at the bottom of those emails, or send an unsubscribe request to firstname.lastname@example.org.
CHANGES TO THIS NOTICE
We may update this Notice from time to time and we encourage you to review this Notice each time you visit our Site. You can determine when this Notice was last revised by referring to the “Last Updated Date” at the top of this Notice.
If you have questions or complaints about this Notice, or if you wish to exercise any of your rights in relation to your personal information, please email us at email@example.com or write to us at:
Attn: Legal Department
Ondot Systems, Inc.
1731 Technology Dr, Ste 700
San Jose, CA 95110
We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.